SECURITY: MORE IMPORTANT NOW THAN EVER!
by: Cary Christian
Are you a pawn in a wider conspiracy to launch a cyber attack against the
Would you know if you were?
Are you aware that you could be?
It is becoming ever more likely that the answer to the first question is
"yes," and the general historical responses to questions 2 and 3 when asked
of small and home business owners is a resounding "no."
Even the Bush administration's cyber security strategy begins with an appeal
to small business and home computer users to place more emphasis on
security. The typical small business and home user is not very security
conscious and has a level of vulnerability they are not even aware of.
"It's my business," you might say. "I am the one who will be hurt if my
systems are compromised."
The problem is, that disclaimer is only partly true. If your computer is not
secure, it can, and possibly will, be used as part of a broader attack on
other systems and you may never know what's going on inside that little box.
A recent article in the Washington Post spoke of the Honeynet Project, where
servers and computers were taken out of the box and placed on the net with
no additional configuration or security measures taken. They monitored these
computers and found that the most common security holes were hacked within 3
to 5 days. Even secured computers were scanned for security vulnerabilities
an average of 30 times per day!
The article goes on to point out that a hacker, using automated software
tools that are available online, can set in motion a scan of a million
computers before going to bed and have hundreds under his or her control by
Once your machine is controlled, it could be used to store illegal
information and images or for financial gain at your expense. But it could
also be used to launch attacks against others, including government sites.
Your domains and email addresses can be highjacked and used for God knows
Still think it doesn't affect you?
Internet attacks against public and private organizations around the world
increased by 28% in the past six months. A study conducted by the Internet
security firm Riptech Inc. found more than 180,000 successful attacks
between January and June.
If cyber attacks haven't affected you yet, they will if you continue to run
insecure systems. I can almost guarantee that! I've urged you to protect
yourself before for your own good: to avoid identity theft, damage to your
files, theft of private information, etc. Now I'm urging you to secure your
system for the benefit of others. Don't be a pawn in a cyber attack that
could affect hundreds of others using YOUR machine. Make it a little more
difficult by keeping your computers off limits to hackers.
A hacker can cause you tons of grief on a personal level. Take it from
someone who's been there and knows. But you now have a responsibility to
others that you need to take seriously.
Here's what you can do.
1. GET A FIREWALL!
There are several free firewalls available that are simply outstanding and
will work just fine. I recommend Tiny Personal Firewall from Tiny Software.
You can download yours free RIGHT NOW at:
You can have it up and running and providing you with excellent protection
in less than half an hour.
When configured properly, hackers will not even be aware your computer is
online. If they do happen to find it, the firewall will control traffic into
and out of your computer to prevent damage to your own system and to prevent
it from being used to launch an attack against someone else.
If you use DSL or broadband service and your computer is online all the
time, you cannot be without a firewall. Period! If you're using dial-up
service, you should still have one even though your risk might not be as
2. TEST YOUR FIREWALL!
Once your firewall is up and running, take a few minutes from time to time
to test it. Go to the Gibson Research site at
and use "Shields Up" and "LeakTest" to make sure your firewall is running at
You should also go to PC Flank at
http://www.pcflank.com/ and run the tests listed in the left
border of the page. This site also provides "rulesets" you can use in your
firewall to easily customize the way your programs work with the firewall.
Don't ignore this testing! You want to make sure your computer is properly "stealthed"
when you're online.
3. USE AN ANTIVIRUS PROGRAM!
Most of you are probably already using an antivirus program, but you'd be
surprised how many people are not. A virus sent to your computer can not
only create havoc on your machine, but it can allow a hacker to remotely
control your machine. The firewall will normally protect you from hacking
activity, but if you allow a virus to infect your machine, the particular
virus might just be able to use your own firewall rulesets against you to
give the hacker the control he or she wants.
Remember, your email is coming into your machine through a source, your
email client, that your firewall allows to function rather freely.
Therefore, your firewall is not going to stop email viruses.
You can get an outstanding antivirus program for free. I highly recommend
AVG Antivirus which you can download from
http://www.grisoft.com It's the one I use and I couldn't be
happier with it.
4. MANAGE YOUR PASSWORDS CAREFULLY
Don't make your passwords too easy to break. Change them every once in
awhile. Resist the urge to use the same password everywhere you need one and
never change it.
5. PATCH YOUR SYSTEM
If you've been batting a thousand so far, here's one you're probably not
doing frequently enough. Companies, especially Microsoft, are releasing
security patches at a rapid pace. When they are released, it is normally
CRITICAL from a security standpoint that you apply the patch
immediately. Yes, it's a pain, but get into the habit of checking for
patches frequently, and when you find them, download and apply them.
None of the steps I am recommending here are that difficult, and they don't
cost a cent. Take the little bit of time required to secure your systems for
your own sake and to live up to the responsibility you have to others.
Copyright (c) 2002